From f7dfad7310e47fd686c8eb6adc2d64a442629deb Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 18 Nov 2023 05:05:39 +0800
Subject: [PATCH] fix(rook-ceph): CephFS CSI use network encryption

---
 kube/deploy/core/storage/rook-ceph/app/hr.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kube/deploy/core/storage/rook-ceph/app/hr.yaml b/kube/deploy/core/storage/rook-ceph/app/hr.yaml
index 62898f94..a97d3664 100644
--- a/kube/deploy/core/storage/rook-ceph/app/hr.yaml
+++ b/kube/deploy/core/storage/rook-ceph/app/hr.yaml
@@ -34,6 +34,7 @@ spec:
       enableCSIHostNetwork: true
       # enableCSIEncryption: true
       enableCSIEncryption: false # TODO: disable for now till needed, and key management is decided
+      cephFSKernelMountOptions: "ms_mode=secure" # needed for mounting CephFS on a cluster with network encryption enabled
       enableMetadata: true # I love my verbosity
       csiAddons: # for RBD NodeLoss failover
         enabled: true